#office-hours (2020-10)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-10-07
I am extremely proud (really, tickled pink) to present my company’s very first open source project!
https://github.com/saic-oss/terraform-aws-rke-rancher-master-cluster
Terraform module that creates an RKE cluster, meant to serve as nothing but a highly-available Rancher “master” cluster - saic-oss/terraform-aws-rke-rancher-master-cluster
@roth.andy I was reading the README of your module, and what is the reason behind not being able to use private subnets?
I’m a little wary of using public subnets and sending traffic over the internet to manage my k8s clusters
I thought adding an internal ALB + private subnets should work
but I could be wrong
You can, it just takes more work to set up a bastion host and such. Since this is an MVP and won’t ever hold secured operational data we are okay with it for now
I see, OK. I thought that maybe there were some restrictions on how to run Rancher etc. and it needed to be public somehow
@here office hours is starting in 30 minutes! Remember to post your questions here.
serverless.tf - I want to explain how we use Terraform to do serverless on AWS, and explain briefly the reasons. And also, I want to just say “Hi!”
Cool, let’s do that!
Added it to the agenda
mmhmm is in beta and invite-only
Easy way to vendor portions of git repos, github releases, etc. declaratively - k14s/vendir
AWS has made available three new S3 security & access control features: Object Ownership, Bucket Owner Condition, Copy API via Access Points.
They offer a 5 free user tier so that is a plus. Looks like the free has cost estimation and policy evaluation included out of the gate
Wow. Gotta look into this for sure
$20 active user + month is killer in comparison if it’s as feature rich overall
missing netlify
Pricing for Terraform enhanced remote backends can be complex and misleading. Here’s our attempt to help you have a clearer view.
Learn about our flexible, usage based pricing that makes it easy to get started empowering your team with self service cloud environments.
The democratization of cloud technology brings autonomy and agility to end users, who can access and spin up resources quickly. Builders get to experiment ideas, develop applications, and deploy products globally to meet local customers’ needs. Organization leaders want to unleash the team’s creativity and accelerate the time-to-market, while keeping the cloud cost within limits. […]
I just learned about this with a surprise email after enabling cost explorer on a new AWS account. Below are a couple updates that might be worth sharing in office hours:
• Enabling cost explorer now turns on this feature by default: https://aws.amazon.com/blogs/aws-cloud-financial-management/new-aws-cost-explorer-users-can-now-automatically-detect-cost-anomalies/
• It’s been GA since 2020 apparently: https://aws.amazon.com/blogs/aws-cloud-financial-management/announcing-general-availability-of-aws-cost-anomaly-detection/
Starting today, AWS Cost Anomaly Detection will be automatically enabled for all new AWS Cost Explorer customers by default to help save time and increase cost control. This means that if you own a standalone account or management account and enable AWS Cost Explorer, on or after March 27, 2023, you will automatically have a default configuration of AWS Cost Anomaly Detection that monitors your spend by AWS service and emails you a daily summary when a cost anomaly above a certain threshold is detected.
We are excited to announce that AWS Cost Anomaly Detection is now generally available. AWS Cost Anomaly Detection uses a multi-layered machine learning model that learns your unique, historic spend patterns to detect one-time cost spike and/or continuous cost increases, without you having to define your thresholds. Every anomaly detected will be available in the detection history tab. We send you the anomaly detection report with root-cause analysis. And the service also comes at no cost to our customers.
Anonymized, secure, and free Terraform cost estimation based on Terraform plan (0.12+) or Terraform state (any version)
Cloud cost estimates for Terraform in your CLI and pull requests - infracost/infracost
If we have time at the end….
I’m trying to implement a better backup solution for SQL Server in AWS EC2 instances. EFS has been mentioned. I haven’t done this before and am wondering if anyone has had luck with using EFS for backups from an EC2 instance as a “network storage” solution backed by AWS.
Most other solutions I’ve seen use EBS/AMI snapshots which I doubt will give me RPO of 15
Introduction Using a shared file system is an important component for many computing infrastructures. For Linux systems, this is typically done using a network file system (NFS) and mounting it from the Linux hosts. Users can store data in their home directories and can share data with other users across the file system. Amazon Elastic […]
This is awesome
Anonymized, secure, and free Terraform cost estimation based on Terraform plan (0.12+) or Terraform state (any version) - antonbabenko/terraform-cost-estimation
Going to try the github action. So cool! Thanks for sharing @antonbabenko you are doing so many freaking cool things.
Really cool @antonbabenko! Sharing with team!
Terraform module that creates an RKE cluster, meant to serve as nothing but a highly-available Rancher “master” cluster - saic-oss/terraform-aws-rke-rancher-master-cluster
I found one tack that works is to tie open source to recruiting efforts. And of course, to get executive leadership buy-in along those lines.
Yea, I think that’s a good one
Thanks for the taskfile!
Does anyone use a task runner framework like this instead? Python being so popular thought it might have traction? https://pydoit.org/
Also precommit in vscode gets difficult, console fine. I want to figure out how to get precommit working better. Maybe will chat in general about this more.
If there is Python - it will be an automation tool.
If there is Ruby - it will be code generation tool.
Related to the current conversation: https://github.com/cloudflare/cf-terraforming
Going to try taskfile. Cross platform as well. Seems much much simpler than variant2 with a focus on replacing make instead, which for simple quick tasks is what I wanted to find. I use InvokeBuild which is very robust, but not as simple
Ya, taskfile was one of the first things we considered, but flipped to #variant
I still think it’s totally cool though
fwiw, a bunch of recent bug fixes in variant2. we’ve been sponsoring mumoshu to get it over the line. soooooo close
I do live streams talking about things I enjoy working with — IaC, DevOps, Terraform, and AWS.
absolutely second the idea that a big part of serverless is eliminating the need for a vpc. that was a revelation to me, recently. it’s incredibly freeing
here is the claranet version: https://github.com/claranet/terraform-aws-lambda
Terraform module for AWS Lambda functions. Contribute to claranet/terraform-aws-lambda development by creating an account on GitHub.
@randomy has also published something of a v2 with a whole new set of features: https://github.com/raymondbutcher/terraform-aws-lambda-builder
Terraform module to build Lambda functions in Lambda or CodeBuild - raymondbutcher/terraform-aws-lambda-builder
But it’s a common thing for the whole industry. “Helloworlds” always work great, but something beyond this - hmmmm, now we talk)
Another use case for scalr perhaps. Need to bring my container if I want it to fully be controlled with libraries etc.
I think they are considering that (or already doing it)
Spacelift.io does that
I like that spacelift does role assumption automatically simplifying things with STS creds. It is missing module library like scalr right now though.
@sheldonh the private module registry was released 2 weeks ago, have a look https://docs.spacelift.io/concepts/modules
In this article you can find how Spacelift can help you manage Terraform Modules.
@antonbabenko suggestion. If you want others to be able to easily contribute, debug the main module…. consider adding a gitpod yml. For open source I think it’s free and you’ll get a full-fledged, ready-to-go environment with all tools for folks to run. That or I guess maybe a docker image + gitpod
yes, I have access to GitHub Codespaces for that purpose, but don’t have time to work on it.
serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform. - antonbabenko/serverless.tf
Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations - terraform-aws-modules/terraform-aws-lambda
That was cool. Thanks a lot to everybody involved!
(Errr recording from today’s session coming soon. Scalar public beta announced. Some interest to discuss perhaps differences between scale the other solutions)
2020-10-08
2020-10-10
2020-10-14
I can’t talk so I’ll miss office hours this week ( had a small dental emergency and I needed a bunch of anesthetic so I can’t feel my mouth )
Yes… I anticipate lower turnout today due to HashiConf. Hopefully we get some nice updates though for next week from all those that attend the online conf.
@here office hours is starting in 30 minutes! Remember to post your questions here.
I keep peeling layers of k8 and finding more that I don’t understand. I’d appreciate hearing a discussion of the most important concepts in k8, to learn as a platform for managing/configuring going forward.
Eric - we’ll get to this next week!
Thanks! This stuff is top of my current sprint, so i’ll (hopefully) have more to contribute to this convo next week. Thanks again as always for hosting Office Hours!!
re: secrets, operators, chamber etc… and even ECS’s secrets support. I still prefer Chamber in most cases. Explicit is better than implicit, it’s said… and I agree. However, it’s also a lot more verbose.
EKS should support “UserData”.
User data was added in august for managed node groups. https://aws.amazon.com/blogs/containers/introducing-launch-template-and-custom-ami-support-in-amazon-eks-managed-node-groups/
Amazon Elastic Kubernetes Service (EKS) now supports EC2 Launch Templates and custom AMIs for managed node groups. When combined, these new features provide flexible configuration and customization options for Amazon EC2 instances which are managed as Kubernetes nodes by EKS. This enables you to leverage the simplicity of managed node provisioning and lifecycle management features […]
recent versions of our modules support it
I mean manifest UserData for better control of the initial bootstrap of the cluster itself.
@Erik Osterman (Cloud Posse) @antonbabenko here’s the hashicorp recommendation… https://www.terraform.io/docs/configuration/version-constraints.html#terraform-core-and-provider-versions
Terraform by HashiCorp
A CLI tool to make git changes across many repos, especially useful with Microservices. - Clever/microplane
Universal dependency update tool that fits into your workflows. - renovatebot/renovate
Renovate really shines. We are so happy with it
2020-10-16
Thoughts on HashiCorp Waypoint?
The URL service is enabled by default and points to the public Waypoint URL service
there was some discussion going yesterday in #variant
Also there is a discussion about it in #tilt channel of a Kubernetes community
Learn how to use Waypoint using GitLab CI/CD by following this step-by-step demo.
AWSContainers went live on Twitch. Catch up on their Talk Shows & Podcasts VOD now.
2020-10-21
@here office hours is starting in 30 minutes! Remember to post your questions here.
HCL2 support is a beta work in progress and features are added one by one. As a result it can be hard for end users to know where we are at. While the full list HCL2 issues can be found using the H…
A command line editor for HCL. Contribute to minamijoyo/hcledit development by creating an account on GitHub.
Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amon…
Cloud Posse installer and distribution of native apps, binaries and alpine packages - cloudposse/packages
Public GitHub organization for SAIC Open Source projects - Science Applications International Corporation (SAIC)
Mergify Documentation for Conditions
Add the ability to specify a allowlist of GitHub teams and Atlantis commands that those teams can execute. The idea behind this is that an Atlantis operator can pass a parameter to the Atlantis ser…
Example Terraform Reference Architecture that implements a Geodesic Module for an Automated Testing Organization in AWS - cloudposse/testing.cloudposse.co
Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more - cloudposse/build-harness
Kubernetes controller for GitHub Actions self-hosted runnners - summerwind/actions-runner-controller
New Zoom Recording from our Office Hours session on 2020-10-21 is now available.
2020-10-22
minamijoyo/hcledit
Actually works much better than I expected, so I apologise for the misleading info I said yesterday during Office Hours
It might be fun to talk about our biggest failures…in terms of what we learned
Let me lead this journey…
This is actually one of my favorite proposals for open-spaces discussions during DevOpsDays (when we have had them in real life… heh)
Let the competition begin!
Actually, it’s the topic I wanted to propose long ago:)
We need to gather IRL… ahh, wait, it is not possible, so +1 to the list of failures…
added to agenda
2020-10-25
After looking into Hashi’s waypoint more, I’m just now taking the time to dig into pack / Cloud Native BuildPacks. Pretty damn cool project.
Would love to hear in the next office hours if anyone in the community is using pack > docker build, how that journey went, and what the ramifications were on local dev workflows. Also, if anyone has successfully patched a CVE in prod using kpack I’d love to hear about that too.
2020-10-27
2020-10-28
@here office hours is starting in 30 minutes! Remember to post your questions here.
Q: What do you use for local Kubernetes development? Skaffold / Draft / garden.io?
There is a good talk covering all of these. Lemme find it
Thanks! I will check this out
Haha wow — she’s at garden now. That’s funny. She did all the solid videos for tilt.dev. I wonder if that says something about tilt vs garden.
Isn’t it vice versa? Isn’t she at Tilt now?:)
Haha you’re right — I got it swapped.
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
Developers no longer have to make their Lambda functions Vault-aware.
A Kubernetes controller for Elastic Load Balancers - kubernetes-sigs/aws-load-balancer-controller
It took me a while to figure out what observability was all about. A year or two I asked around and my colleagues told me that I needed to follow Charity Majors and to read her blog (done, and done). Just this week, Charity tweeted: Kislay’s tweet led to his blog post, Observing is not […]
Cloud Native Buildpacks transform your application source code into images that can run on any cloud.
Kubernetes Native Container Build Service. Contribute to pivotal/kpack development by creating an account on GitHub.
ShapeShift CEO tells the story of the recent ShapeShift hack, detailing the betrayal committed by one of his own employees.
To make error is human. To propagate error to all server in automatic way is #devops.
Related to SaaS monitoring choice exhaustion: https://acloudguru.com/blog/engineering/the-future-of-ops-jobs
The role of operations engineers is changing fast, and the role is bifurcating along the question of infrastructure.
Honeycomb Observability is for modern Engineering and DevOps to observe, debug, and improve production systems efficiently.
Quickly understand context. See across organizational boundaries. Save time finding and fixing errors. New Relic One is everything you need to cut through the complexity and build more perfect software faster.
Module composition allows infrastructure to be described from modular building blocks.
A module is a container for multiple resources that are used together.
This could be a question for next week…. I have a desire to have a little dev environment on my laptop… most of the time I am pulling open source projects and self hosting them with some small modifications… Sometimes it’s a monolith project, sometimes a Docker image, sometimes a k8s microservice…. So I thought I would conjure up a local haproxy/dnsmasq and have all my http traffic go through there, where it would get redirected to a local port, or to the ingress of my k3d cluster.
Does anyone already do this? Is there a smarter way?
New Zoom Recording from our Office Hours session on 2020-10-28 is now available.
2020-10-29
@Matt Gowie When I talked about buildpacks giving you the ability to centrally manage updates across a fleet of applications, I was referring to a fairly advanced use case, where updates to a run-time images in a stack trigger rebuilds. I just watched the HashiCorp Waypoint presentations* and I think I may have missed the point. The difference between pack and docker options in the build clause is chiefly a distinction of convenience. pack offers up dynamic detection and creation of a runnable image. docker would require the developer provide the dockerfile. I’d say pack is super convenient when it works, and a real pain to grok when it doesn’t. docker is more up front work, and a good fallback when pack proves to be not a good fit.
HashiCorp Waypoint presentations: https://digital.hashiconf.com/on-demand-videos/opening-keynote-KNwDxYvfS
A multi-track livestream platform